Pornhub has been targeted in an extortion attempt after attackers claimed to have stolen data linked to the activity of premium users. The attackers contacted the company, demanding payment in exchange for not releasing the information publicly. According to details disclosed by the platform, the incident did not involve a breach of Pornhub’s core systems but was linked to unauthorised access to a third-party analytics service used to track user engagement.
The attackers claimed to possess data showing viewing activity associated with premium accounts. This included information about videos watched, timestamps, and usage patterns. Pornhub said the exposed data did not contain real names, passwords, payment card details, or government-issued identifiers. The company stated that while usernames and email addresses were not included, the activity logs could still be considered sensitive because of the nature of the content involved.
Pornhub said the data was obtained from a third-party service provider that supplies analytics tools to multiple websites. After becoming aware of the incident, the company said it terminated its relationship with the affected provider and launched an investigation. Law enforcement authorities were notified, and an internal review was carried out to assess the scope of the exposure and the credibility of the extortion threat.
The attackers attempted to pressure Pornhub by threatening to release samples of the data. Pornhub said it refused to engage with the extortion demand and took steps to mitigate potential harm. The company emphasised that no direct compromise of its own infrastructure had been identified and that the incident was limited to historical analytics data collected by the external service.
Security specialists note that activity data linked to adult platforms can carry heightened privacy risks even when traditional identifiers are absent. Viewing history may be used for harassment, blackmail, or reputational harm if disclosed. Experts said incidents involving third-party services highlight the importance of carefully managing vendor access and limiting the amount of sensitive information shared with external partners.
Pornhub stated that it has reviewed its data-sharing practices following the incident and implemented additional safeguards. These measures include reducing reliance on third-party analytics tools and tightening controls over how usage data is collected and stored. The company also said it is strengthening contractual requirements for vendors that process user information.
The incident underscores broader concerns about supply chain security and the risks posed by external service providers. Even when a platform’s internal systems remain secure, attackers may exploit weaker controls at third parties to obtain data. Security analysts said organisations should regularly audit vendors, minimise data exposure, and prepare incident response plans that account for indirect breaches.
Pornhub said it will continue cooperating with authorities and monitoring for any further misuse of the data. The company added that protecting user privacy remains a priority and that it will notify affected users if additional information becomes available.